
A password less authentication protocol for multi-server environment using physical unclonable function

Published in: The Journal of Supercomputing

Abstract

Password-based authentication is the most commonly used method for authenticating users to online services. It requires users to remember all of their complex passwords and to update them constantly. Because users do not choose high-entropy passwords, password-based authentication mechanisms are susceptible to offline password-guessing attacks. Researchers have therefore developed passwordless authentication protocols. In this work, we propose a secure authentication mechanism that combines a password-protected biometric with physically unclonable functions (PUFs). PUF authentication is a cryptographic technology used to provide secure authentication. It works by using the physical characteristics of a device to generate a unique cryptographic key, which is then used to authenticate the device and grant access to protected resources. PUF authentication can be used to protect data, networks, and communication systems from unauthorized access. The technology is also used to protect against replay attacks, man-in-the-middle attacks, and other forms of malicious activity. PUF authentication is cost-effective and provides a high level of security. Our proposed methodology overcomes issues with existing systems, including key compromise impersonation attacks, wrong login, and server registration complexity. The proposed protocol is validated using the “Automated Validation of Internet Security Protocols and Applications (AVISPA)” and Scyther tools, and its security is explicitly demonstrated using “BAN Logic”. Furthermore, the efficiency of our technique is highlighted by comparing several parameter metrics with those of existing systems.
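
A minimal sketch of the PUF challenge-response idea the abstract describes, added here as an illustration; it is not the paper's protocol or the authors' code. `SimulatedPUF`, `Verifier`, the HMAC-based device model and the 16-bit noise threshold are assumptions made for the example, which shows a noisy response from the enrolled device being accepted while a replayed pair and a different device are rejected.

```python
import hashlib, hmac, random, secrets

RESP_BITS = 128   # response length in bits (assumed)
THRESHOLD = 16    # max differing bits accepted as "same device" (assumed)

class SimulatedPUF:
    """Software stand-in for a hardware PUF (assumption): silicon variation
    is a random per-device seed, measurement noise is a few flipped bits."""
    def __init__(self, noise_bits=4):
        self._variation = secrets.token_bytes(32)
        self._noise_bits = noise_bits

    def respond(self, challenge: bytes) -> int:
        digest = hmac.new(self._variation, challenge, hashlib.sha256).digest()
        value = int.from_bytes(digest[:RESP_BITS // 8], "big")
        for pos in random.sample(range(RESP_BITS), self._noise_bits):
            value ^= 1 << pos          # noisy re-measurement
        return value

class Verifier:
    """Holds challenge-response pairs (CRPs) recorded at enrollment."""
    def __init__(self):
        self._crps = {}

    def enroll(self, puf, count=8):
        for _ in range(count):
            challenge = secrets.token_bytes(16)
            self._crps[challenge] = puf.respond(challenge)

    def issue_challenge(self) -> bytes:
        if not self._crps:
            raise RuntimeError("CRP pool exhausted; re-enroll the device")
        return next(iter(self._crps))

    def verify(self, challenge: bytes, response: int) -> bool:
        enrolled = self._crps.pop(challenge, None)   # each CRP is single-use
        if enrolled is None:
            return False                             # unknown or replayed
        return bin(enrolled ^ response).count("1") <= THRESHOLD

def demo():
    device, other_device = SimulatedPUF(), SimulatedPUF()
    server = Verifier()
    server.enroll(device)
    c1 = server.issue_challenge()
    r1 = device.respond(c1)
    genuine = server.verify(c1, r1)     # enrolled device, fresh challenge
    replayed = server.verify(c1, r1)    # same pair submitted again
    c2 = server.issue_challenge()
    impostor = server.verify(c2, other_device.respond(c2))
    return genuine, replayed, impostor

if __name__ == "__main__":
    print(demo())
```

Because the verifier compares responses by Hamming distance rather than equality, no user-chosen secret exists for an offline guessing attack to target, and consuming each challenge-response pair on use is what defeats the replay.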


Data availability

The data used to support the findings of this study are available from the corresponding author.


Acknowledgements

The authors would like to thank VIT-AP University, the editors and the reviewers. The authors would like to thank Dr. T. Sudhakar and Dr. S. Sibi Chakkaravarthy, Associate Professor, SCOPE, VIT-AP University for his support. The authors would like to thank Dr. Umakanta Nanda, Professor and Dean, SENSE, VIT-AP University for his continuous support and encouragement. A special thanks to Dr. Hari Seetha and the team members of Center of Excellence, Cyber Security & Artificial Intelligence and Robotics (AIR), VIT-AP University.

Funding

No funding agencies. This work is carried out as part of my doctoral committee.

Author information

Contributions

EPK: Conceptualization, Methodology & implementation. SP: Supervision, Writing—review & editing.

Corresponding author

Correspondence to S. Priyanka.

Ethics declarations

Conflict of interest

The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.

Ethical approval

Not applicable.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.

About this article

Cite this article

Praveen Kumar, E., Priyanka, S. A password less authentication protocol for multi-server environment using physical unclonable function. J Supercomput 79, 21474–21506 (2023). https://doi.org/10.1007/s11227-023-05437-3
